search

vmware-archive / fly

old - now lives in https://github.com/concourse/concourse
BSD 2-Clause "Simplified" License
100 stars 73 forks source link

Allow fly to receive target parameters via CLI flags #234

Closed jwntrs closed 6 years ago

jwntrs commented 6 years ago

The new auth work introduces backwards-incompatible changes to fly login. We need to introduce a way to specify a target url with the sync command that does not require you to log in first.

We're going to implement the approach @vito outlined in https://github.com/concourse/fly/pull/193.

jama22 commented 6 years ago

Closing because #193 is closed

jwntrs commented 6 years ago

Ok so things are getting weird.

193 mostly talks about overriding your .flyrc target when doing things like fly set-pipeline. It gets weird when we need to take into account saving a target during fly login. The command below doesn't really mean anything, but is technically possible.

fly \
--target-url https://my-concourse.com \
--target-team some-team \
--target-ca-cert /tmp/some-cert \
login \
--concourse-url https://my-concourse.com \
--team-name some-team \
--ca-cert /tmp/some-cert

We're thinking of changing the flags to fly login, adding --save-target while removing --concourse-url, --team-name, --ca-cert. In this scenario the above command would look something like this:

fly \
--target-url https://my-concourse.com \
--target-team some-team \
--target-ca-cert /tmp/some-cert \
login \
--save-target my-target

In this case if you provide the --save-target flag then your token is persisted to your .flyrc. If you don't provide the flag then your token will get output to stdout, where you can parse it yourself, and feed it back to subsequent calls:

fly \
--target-url https://my-concourse.com \
--target-team some-team \
--target-ca-cert /tmp/some-cert \
--target-token-type "Bearer" \
--target-token-value "1234567890" \
set-pipeline \
...

This would be yet another breaking change in the wonderful world of global users, but maybe this is the right time to do it.

@vito @topherbullock @jama-pivotal thoughts?

vito commented 6 years ago

@pivotal-jwinters How about we hoist the --concourse-url, --ca-cert, and --team-name flags from login into the global scope? Then login is just used to authenticate and save a target alias.

We could also allow --team-name to be specified on a command-by-command basis, since in the new world (with concourse/concourse#1888) the token is actually valid for many teams at once. If that's too hard don't bother, we can break it out as a later issue.

jama22 commented 6 years ago

This turned out to be a whole thing. Decided to work around it by using wget the appropriate version of fly. Its not as urgent to work on now, closing for now. If we need to we'll re-open

lrstanley commented 6 years ago

https://github.com/concourse/concourse/issues/2399#issuecomment-406586404 has some rough relation to this.